Provocateur Comes Into View After Cyberattack

Sven Olaf Kamphuis calls himself the “minister of telecommunications and foreign affairs for the Republic of CyberBunker.” Others see him as the Prince of Spam.

Mr. Kamphuis, who is actually Dutch, is at the heart of an international investigation into one of the biggest cyberattacks identified by authorities. He has not been charged with any crime and he denies direct involvement. But because of his outspoken position in a loose federation of hackers, authorities in the Netherlands and several other countries are examining what role he or the Internet companies he runs played in snarling traffic on the Web this week.

He describes himself in his own Web postings as an Internet freedom fighter, along the lines of Julian Assange of WikiLeaks, with political views that range from eccentric to offensive. His likes: German heavy metal music, “Beavis and Butt-head” and the campaign to legalize medicinal marijuana. His dislikes: Jews, Luddites and authority.

Dutch computer security experts and former associates describe Mr. Kamphuis as a loner with brilliant programming skills. He did not respond to various requests for interviews, but he has communicated with the public through his Facebook page, which includes photos of himself, a thin, angular man with close-cropped hair and dark, bushy eyebrows, often wearing a hoodie sweatshirt.

“He’s like a loose cannon,” said Erik Bais, the owner of A2B-Internet, an Internet service provider that used to work with Mr. Kamphuis’s company, but severed ties two years ago. “He has no regard for repercussions or collateral damage.”

Mr. Kamphuis’s current nemesis is Spamhaus, a group based in Geneva that fights Internet spam by publishing blacklists of alleged offenders. Clients of Spamhaus use the information to block annoying e-mails offering discount Viagra or financial windfalls. But Mr. Kamphuis and other critics call Spamhaus a censor that judges what is or isn’t spam. Spamhaus acted, he wrote, “without any court verdict, just by blackmail of suppliers and Jew lies.”

Photo

CyberBunker, a Web hosting site run by Sven Olaf Kamphuis, was blacklisted by Spamhaus.com.

The spat that rocked the Internet escalated in mid-March when Spamhaus blacklisted two companies that Mr. Kamphuis runs, CB3ROB, an Internet service provider, and CyberBunker, a Web hosting service. Spamhaus contended that CyberBunker was a conduit for vast amounts of spam. CyberBunker says it accepts business from any site as long as it does not deal in “child porn nor anything related to terrorism.”

Mr. Kamphuis responded by soliciting support for a hackers’ campaign to snarl Spamhaus’s Internet operations. “Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project ‘spamhaus.org,’ which thinks it can dictate its views on what should and should not be on the Internet,” he wrote on Facebook on March 23.

Mr. Kamphuis later disavowed any direct role in the so-called distributed denial of service, or DDoS, attack, which spilled over from Spamhaus to affect other sites. He took to Facebook to inform the world that the flood of Internet traffic that threatened to cripple parts of the Web emanated from Stophaus, an ad-hoc, amorphous group set up in January with the aim to thwart Spamhaus, a company it claims uses its “tiny business to attempt to control the Internet through underhanded extortion tactics.” Stophaus, which lists no contact or location for the group, claims to have members in the United States, Canada, Russia, Ukraine, China and Western Europe.

Mr. Kamphuis said Stophaus was not a front for him; he is merely acting as a spokesman.

Nonetheless, the authorities are curious. The Dutch national prosecutor’s office said on Thursday that it had opened an investigation. Wim de Bruin, a spokesman for the agency, which is based in Rotterdam, said prosecutors were first trying to determine whether the DDoS attacks had originated in the Netherlands. Authorities in Britain and several other European countries are also looking into the matter.

Mr. Kamphuis, who is believed to be about 35, is singled out because of his vocal role. “For the Dutch Internet community, it’s very clear that he has a big role in this, even if there isn’t 100 percent airtight proof that he is behind it,” said J. P. Velders, a security specialist at the University of Amsterdam. “He could not be not involved. How much is he involved — that is for law enforcement to figure out and to act upon.”

Greenhost, a Dutch Internet hosting service, said in a detailed blog post that it had found the digital fingerprints of CB3ROB when it examined the rogue traffic that had been directed at Spamhaus.

Mr. Kamphuis created CB3ROB in 1996 and helped set up CyberBunker in 1999. From 1999 to 2001, he worked on the help desk at a Dutch Internet service provider, XS4ALL, according to one senior manager at the company who declined to be named, citing company policy. One co-worker said Mr. Kamphuis was constantly being reprimanded for hacking into his employer’s computer system. He was known for eccentric behavior; during a company trip to Berlin, the former co-worker said, Mr. Kamphuis refused to travel with his colleagues and rode alone in a bus.

Photo

Mr. Kamphuis says Spamhaus, an anti-spam company, has too much power in deciding what constitutes spam.Credit
unitymedianews.com

“Sven absolutely hates authority in any form,” this person said. “He was very smart. Too smart for customers, by the way. Oftentimes they couldn’t understand his technobabble when he tried to help them.”

After leaving XS4ALL, he continued to run his Web hosting business, which was based for a time in a former army bunker in Goes, the Netherlands. Photos on Mr. Kamphuis’s Facebook page show him holding a flag in front of the bunker, like a freedom fighter defending his redoubt.

CyberBunker still lists its address as the bunker. But Joost Verboom, a Dutch businessman, says the address is occupied by his own company, BunkerInfra Datacenters, which is building a subterranean Web hosting center at the site. Mr. Verboom said CyberBunker and Mr. Kamphuis left the site a decade ago. It is not clear where the servers of CyberBunker and CB3ROB are now.

An error has occurred. Please try again later.

You are already subscribed to this email.

Associates say Mr. Kamphuis moved to Berlin in about 2006, and his Facebook page displays photos indicating his interest in the Pirate Party, a small political movement focusing on Internet issues that holds some opposition seats in Berlin’s city-state government assembly, and in the Chaos Computer Club, a group that discusses computer issues.

For a time, CyberBunker’s clients included WikiLeaks and The Pirate Bay, a Web site whose founders were convicted by a Swedish court in 2009 of abetting movie and music piracy. In May 2010, six American entertainment companies obtained a preliminary injunction in a German court ordering CB3ROB and CyberBunker to stop providing bandwidth to The Pirate Bay.

Since the attacks, Mr. Kamphuis has given television interviews from what appeared to be an empty Internet cafe or office. In a Russian television interview, he suggested that the people responsible for the attacks were in countries where there were no laws against cyberattacks or no serious enforcement.

Mr. Kamphuis also continued to provoke people in Facebook postings. “The Internet is puking out a cancer, please stand by while it is being removed,” he wrote.

Correction: March 31, 2013

An earlier version of a photo caption with this article misstated the credit. It is Unitymedianews.com, not Unitynewsmedia.com.

A version of this article appears in print on March 30, 2013, on Page A1 of the New York edition with the headline: After Attack on Web, a Shadowy Provocateur Comes Into View. Order Reprints|Today's Paper|Subscribe